aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
* Install fallback drop policies to avoid transmitting unencrypted packets.Tobias Brunner2011-07-271-0/+17
| | | | | | | During the update of a CHILD_SA (e.g. caused by MOBIKE) the old policy is first uninstalled and then the new one is installed. In the short time in between, where no policy is available in the kernel, unencrypted packets could have been transmitted.
* Remove policies in kernel interfaces based on their priority.Tobias Brunner2011-07-272-21/+30
| | | | | | This allows to unroute a connection while the same connection is currently established. In this case both CHILD_SAs share the same reqid but the installed policies have different priorities.
* Inherit authentication information during IKE_SA rekeyingMartin Willi2011-07-251-0/+16
|
* fixed some more misspellingsAndreas Steffen2011-07-201-3/+3
|
* Fixed common misspellings.Tobias Brunner2011-07-206-18/+18
| | | | Mostly found by 'codespell'.
* shunt manager installs policies with %any hostsAndreas Steffen2011-07-141-3/+6
|
* Adapted shunt manager to changed kernel interface (reqid in del_policy).Tobias Brunner2011-07-061-3/+6
|
* Replaced more complex iterator usages.Tobias Brunner2011-07-061-25/+14
|
* Replaced ike_sa_t.create_additional_address_iterator with enumerator.Tobias Brunner2011-07-063-31/+33
|
* Replaced ike_sa_t.create_child_sa_iterator with enumerator.Tobias Brunner2011-07-066-72/+97
| | | | | This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* Replaced simple iterator usages.Tobias Brunner2011-07-068-161/+162
|
* Add the reqid to kernel_ipsec_t.del_policy.Tobias Brunner2011-07-061-6/+12
|
* implemented PASS and DROP shunt policiesAndreas Steffen2011-06-282-0/+311
|
* Initialize trap_manager listener with INIT macro, tooMartin Willi2011-06-281-8/+9
|
* Migrated trap_manager_t to INIT/METHOD macrosAndreas Steffen2011-06-281-45/+32
|
* Check if colliding task has actually a CHILD, i.e. after a migrateMartin Willi2011-06-031-1/+4
|
* logging initial EAP Identifier in EAP Identity RequestAndreas Steffen2011-05-291-3/+5
|
* Added strongswan.conf option to override half open IKE_SA timeoutMartin Willi2011-05-161-1/+2
|
* Added a get_count() method to IKE_SA managerMartin Willi2011-05-162-3/+27
|
* Fixed identiation in private_ike_sa_managerMartin Willi2011-05-161-57/+57
|
* Added a non-blocking, skipping variant of IKE_SA enumeratorMartin Willi2011-05-162-6/+24
|
* Typo fixed.Tobias Brunner2011-04-281-1/+1
|
* Resolve and connect to RADIUS servers not before requiredMartin Willi2011-04-211-0/+1
|
* Remove superfluous test for peer_cfg on established IKE_SAsMartin Willi2011-04-201-1/+1
|
* Install ESN SAs if such a proposal has been negotiatedMartin Willi2011-04-201-1/+4
|
* Added an esn parameter to the kernel interface add_sa functionsMartin Willi2011-04-201-1/+1
|
* Clearly mark switch cases that fall through.Tobias Brunner2011-04-191-0/+1
|
* Neither rekey nor del can be NULL.Tobias Brunner2011-04-141-2/+2
|
* display EAP identifiers in HEX formatAndreas Steffen2011-04-061-4/+4
|
* log the EAP identifier also for vendor specific EAP methodsAndreas Steffen2011-04-051-2/+2
|
* log the initial value of the EAP identifierAndreas Steffen2011-04-051-5/+6
|
* added get_identifier() and set_identifier() methodsAndreas Steffen2011-04-051-3/+18
|
* Move establish/inherit of rekeyed IKE_SAs to delete messagesMartin Willi2011-03-155-58/+54
| | | | | | | | Having the inherit() function delayed to the IKE_SA establish procedure was problematic. The task destroy function was never a good place and results in locking/cleanup problems. After establishing the SA, it should be really checked in ASAP to avoid any triggered DPD checks to get lost.
* Wrap IKE delete after rekey into rekey task for responder, tooMartin Willi2011-03-151-1/+18
|
* Migrated ike_rekey task to INIT/METHOD macrosMartin Willi2011-03-151-59/+40
|
* Migrated sim_manager to INIT/METHOD macrosMartin Willi2011-03-081-150/+92
|
* Protect sim card/provider/hook (un-)registration with a rwlockMartin Willi2011-03-081-0/+58
|
* Splitted sim_manager.h header to sim_{card,provider,hooks}.hMartin Willi2011-03-084-226/+305
|
* Slightly change IKE_SA destruction order to inherit properly during ↵Martin Willi2011-02-282-3/+3
| | | | ike_rekey task destruction
* Report correct key size if a cipher is not supportedMartin Willi2011-02-071-1/+1
|
* Some typos fixed.Tobias Brunner2011-02-071-1/+1
|
* Invoke the per-round authorize() hook before purging current auth info on IKE_SAMartin Willi2011-02-031-10/+10
|
* Migrated ike_auth to INIT/METHOD macros, fixes missing initial_contact ↵Martin Willi2011-02-021-56/+34
| | | | initialization
* Do not use destroyed rng/hasher if IKE_SA has been flush()edMartin Willi2011-02-011-3/+9
|
* Do not log potentially hundreds of cert requests for unknown CAs at level 1Martin Willi2011-01-281-1/+8
|
* Revert "Send INITIAL_CONTACT even if we have a unique policy"Martin Willi2011-01-131-1/+2
| | | | | | | | It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c.
* Force port update as responder when initiator switches to 4500 in IKE_AUTHMartin Willi2011-01-123-5/+6
|
* Avoid variable name overloadingMartin Willi2011-01-121-7/+11
|
* Send INITIAL_CONTACT even if we have a unique policyMartin Willi2011-01-101-2/+1
|
* Fix nonce comparison in rekey collisions, lowest nonce losesMartin Willi2011-01-072-7/+7
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-15 01:35:10 +0000